If you protect everything, you protect nothing
As Mahlik digs deeper into revamping MITRE's insider threat program, he is well aware that it is impossible to protect everything. He is prioritizing threats by helping the internal threat team pinpoint areas where problems would most likely brew.
He's optimistic that with proper planning and closely coordinated policy, human and technological systems, MITRE will have its insider threat framework in place by year-end. "The magnitude of the issue is clear, and the employee population is sensitive to the need for these programs," he says.
Along these lines, Mahlik says, it's key to understand who and what cyber thieves might be targeting within the company, "which almost always includes those in the company who have privileged access to information of value." As he says, "we all understand a threat to one is a threat to all."
Sign up for CIO Asia eNewsletters.